<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="css.css">
<TITLE>Sanewall, Pre-defined service definitions.</TITLE>
<meta name="author" content="Costa Tsaousis">
<meta name="robots" content="noindex">
<meta name="description" content="

Home for sanewall, an iptables stateful packet filtering firewall builder for Linux (kernel 2.4),
supporting NAT, SNAT, DNAT, REDIRECT, MASQUERADE, DMZ, dual-homed, multi-homed and router setups,
protecting and securing hosts and LANs in all kinds of topologies. Configuration is done using
simple client and server statements while it can detect (and produce) its configuration
automatically. Sanewall is extremely easy to understand, configure and audit.

">

<meta name="keywords" content="iptables, netfilter, filter, firewall, stateful, port, secure, security, NAT, DMZ, DNAT, DSL, SNAT, redirect, router, rule, rules, automated, bash, block, builder, cable, complex, configuration, dual-homed, easy, easy configuration, example, fast, features, flexible, forward, free, gpl, helpme mode, human, intuitive, language, linux, masquerade, modem, multi-homed, open source, packet, panic mode, protect, script, service, system administration, wizard">
<meta http-equiv="Expires" content="Wed, 19 Mar 2003 00:00:01 GMT">
</HEAD>

<BODY bgcolor="#FFFFFF">

<p>

Bellow is the list of sanewall supported services. You can overwrite all the services (including those marked as complex) with the
procedures defined in <a href="adding.html">Adding Services</a>.
<p>
In case you have problems with some service because it is defined by its port names instead of its port numbers, you can find the
required port numbers at <a href="http://www.graffiti.com/services">http://www.graffiti.com/services</a>.
<p>
Please report problems related to port names usage. I will replace the faulty names with the relative numbers to eliminate this problem.
All the services defined by name in sanewall are known to resolve in <a href="http://www.redhat.com">RedHat</a> systems 7.x and 8.
<p>
<center>
<hr noshade size=1>
<table border=0 cellspacing=3 cellpadding=5 width="80%">
<tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>A</td></tr>
	<tr><td align=left valign=top><small>

<a href="#AH">AH</a>, <a href="#all">all</a>, <a href="#amanda">amanda</a>, <a href="#any">any</a>, <a href="#anystateless">anystateless</a>, <a href="#apcupsd">apcupsd</a>, <a href="#apcupsdnis">apcupsdnis</a>, <a href="#aptproxy">aptproxy</a>, <a href="#asterisk">asterisk</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>C</td></tr>
	<tr><td align=left valign=top><small>

<a href="#cups">cups</a>, <a href="#custom">custom</a>, <a href="#cvspserver">cvspserver</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>D</td></tr>
	<tr><td align=left valign=top><small>

<a href="#darkstat">darkstat</a>, <a href="#daytime">daytime</a>, <a href="#dcc">dcc</a>, <a href="#dcpp">dcpp</a>, <a href="#dhcp">dhcp</a>, <a href="#dhcprelay">dhcprelay</a>, <a href="#dict">dict</a>, <a href="#distcc">distcc</a>, <a href="#dns">dns</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>E</td></tr>
	<tr><td align=left valign=top><small>

<a href="#echo">echo</a>, <a href="#emule">emule</a>, <a href="#eserver">eserver</a>, <a href="#ESP">ESP</a></td></tr></table></td>
</tr><tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>F</td></tr>
	<tr><td align=left valign=top><small>

<a href="#finger">finger</a>, <a href="#ftp">ftp</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>G</td></tr>
	<tr><td align=left valign=top><small>

<a href="#gift">gift</a>, <a href="#giftui">giftui</a>, <a href="#gkrellmd">gkrellmd</a>, <a href="#GRE">GRE</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>H</td></tr>
	<tr><td align=left valign=top><small>

<a href="#h323">h323</a>, <a href="#heartbeat">heartbeat</a>, <a href="#http">http</a>, <a href="#https">https</a>, <a href="#hylafax">hylafax</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>I</td></tr>
	<tr><td align=left valign=top><small>

<a href="#iax">iax</a>, <a href="#iax2">iax2</a>, <a href="#icmp">icmp</a>, <a href="#ICMP">ICMP</a>, <a href="#icp">icp</a>, <a href="#ident">ident</a>, <a href="#imap">imap</a>, <a href="#imaps">imaps</a>, <a href="#irc">irc</a>, <a href="#isakmp">isakmp</a></td></tr></table></td>
</tr><tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>J</td></tr>
	<tr><td align=left valign=top><small>

<a href="#jabber">jabber</a>, <a href="#jabberd">jabberd</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>L</td></tr>
	<tr><td align=left valign=top><small>

<a href="#ldap">ldap</a>, <a href="#ldaps">ldaps</a>, <a href="#lpd">lpd</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>M</td></tr>
	<tr><td align=left valign=top><small>

<a href="#microsoft_ds">microsoft_ds</a>, <a href="#mms">mms</a>, <a href="#ms_ds">ms_ds</a>, <a href="#msn">msn</a>, <a href="#multicast">multicast</a>, <a href="#mysql">mysql</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>N</td></tr>
	<tr><td align=left valign=top><small>

<a href="#netbackup">netbackup</a>, <a href="#netbios_dgm">netbios_dgm</a>, <a href="#netbios_ns">netbios_ns</a>, <a href="#netbios_ssn">netbios_ssn</a>, <a href="#nfs">nfs</a>, <a href="#nis">nis</a>, <a href="#nntp">nntp</a>, <a href="#nntps">nntps</a>, <a href="#ntp">ntp</a>, <a href="#nut">nut</a>, <a href="#nxserver">nxserver</a></td></tr></table></td>
</tr><tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>O</td></tr>
	<tr><td align=left valign=top><small>

<a href="#oracle">oracle</a>, <a href="#OSPF">OSPF</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>P</td></tr>
	<tr><td align=left valign=top><small>

<a href="#p2p">p2p</a>, <a href="#ping">ping</a>, <a href="#pop3">pop3</a>, <a href="#pop3s">pop3s</a>, <a href="#portmap">portmap</a>, <a href="#postgres">postgres</a>, <a href="#pptp">pptp</a>, <a href="#privoxy">privoxy</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>R</td></tr>
	<tr><td align=left valign=top><small>

<a href="#radius">radius</a>, <a href="#radiusold">radiusold</a>, <a href="#radiusoldproxy">radiusoldproxy</a>, <a href="#radiusproxy">radiusproxy</a>, <a href="#rdp">rdp</a>, <a href="#rndc">rndc</a>, <a href="#rsync">rsync</a>, <a href="#rtp">rtp</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>S</td></tr>
	<tr><td align=left valign=top><small>

<a href="#samba">samba</a>, <a href="#sip">sip</a>, <a href="#smtp">smtp</a>, <a href="#smtps">smtps</a>, <a href="#snmp">snmp</a>, <a href="#snmptrap">snmptrap</a>, <a href="#socks">socks</a>, <a href="#squid">squid</a>, <a href="#ssh">ssh</a>, <a href="#stun">stun</a>, <a href="#submission">submission</a>, <a href="#sunrpc">sunrpc</a>, <a href="#swat">swat</a>, <a href="#syslog">syslog</a></td></tr></table></td>
</tr><tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>T</td></tr>
	<tr><td align=left valign=top><small>

<a href="#telnet">telnet</a>, <a href="#tftp">tftp</a>, <a href="#time">time</a>, <a href="#timestamp">timestamp</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>U</td></tr>
	<tr><td align=left valign=top><small>

<a href="#upnp">upnp</a>, <a href="#uucp">uucp</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>V</td></tr>
	<tr><td align=left valign=top><small>

<a href="#vmware">vmware</a>, <a href="#vmwareauth">vmwareauth</a>, <a href="#vmwareweb">vmwareweb</a>, <a href="#vnc">vnc</a></td></tr></table></td>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>W</td></tr>
	<tr><td align=left valign=top><small>

<a href="#webcache">webcache</a>, <a href="#webmin">webmin</a>, <a href="#whois">whois</a></td></tr></table></td>
</tr><tr>

<td width="25%" align=left valign=top>
	<table border=0 cellpadding=2 cellspacing=2 width="100%">
	<tr><td align=left valign=top><font color="gray" size=+1><b>X</td></tr>
	<tr><td align=left valign=top><small>

<a href="#xbox">xbox</a>, <a href="#xdmcp">xdmcp</a></td></tr></table></td>
</tr></table>
<hr noshade size=1>
<p>
<table border=0 cellspacing=5 cellpadding=10 width="80%">
<tr bgcolor="#EEEEEE"><th>Service</th><th>Type</th><th>Description</th></tr>
<tr >
	<td align="center" valign="top"><a name="AH"><b>AH</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>51/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>IPSec Authentication Header (AH). <p> For more information see the <a href="http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#AH.ipsec">FreeS/WAN documentation</a> and RFC <a href="http://www.ietf.org/rfc/rfc2402.txt?number=2402">RFC 2402</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server AH accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="all"><b>all</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Matches all traffic (all protocols, ports, etc) while ensuring that required kernel modules are loaded. <br>This service may indirectly setup a set of other services, if they are required by the kernel modules to be loaded. Currently it activates also <a href="#ftp">ftp</a>, <a href="#irc">irc</a> and <a href="#icmp">icmp</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server all accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="amanda"><b>amanda</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>see&nbsp;notes</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>see&nbsp;notes</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This implementation of <a href="http://amanda.sf.net">AMANDA, the Advanced Maryland Automatic Network Disk Archiver</a> is based on the <a href="http://amanda.sourceforge.net/cgi-bin/fom?_highlightWords=firewall&file=139">notes posted at Amanda's Faq-O-Matic</a>. <p> Based on this, sanewall allows:<br> <ul> <li>a connection from the server to the client at <b>udp 10080</b></li> <li>connections from the client to the server at <b>tcp & udp</b> ports controlled by the variable <b>SANEWALL_AMANDA_PORTS</b>. <p> Default: <b>SANEWALL_AMANDA_PORTS="850:859"</b> <p>It has been written in amanda mailing lists that by default amanda chooses ports in the range of 600 to 950. If you don't compile amanda yourself you may have to change the variable SANEWALL_AMANDA_PORTS to accept a wider match (but consider the trust relationship you are building with this). </li> </ul> I <b>strongly suggest</b> to use this service in your firewall like: <p> <b><a href="commands.html#server">server</a> amanda accept <a href="commands.html#src">src</a> 1.2.3.4</b>, or <br> <b><a href="commands.html#client">client</a> amanda accept <a href="commands.html#dst">dst</a> 5.6.7.8</b> <p> in order to limit the hosts that have access to the ports controlled by the variable <b>SANEWALL_AMANDA_PORTS</b>. <p> This complex service handles correctly the multi-socket bi-directional environment required. Use the sanewall <b>server</b> directive on the Amanda server, and sanewall's <b>client</b> on the Amanda client. <p> The <b>amanda</b> service will break if it is NATed (to work it would require a bi-directional NAT and a modification in the amanda code to allow connections from/to high ports). <p> <b>USE THIS WITH CARE. MISUSE OF THIS SERVICE MAY LEAD TO OPENING PRIVILEGED PORTS TO ANYONE.</b><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server amanda accept <u>src</u> <u>1.2.3.4</u></b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="any"><b>any</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Matches all traffic (all protocols, ports, etc), but does not care about kernel modules and does not activate any other service indirectly. In combination with the <a href="commands.html#parameters">Optional Rule Parameters</a> this service can match unusual traffic (e.g. GRE - protocol 47).<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server any <u>myname</u> accept proto 47</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="anystateless"><b>anystateless</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>all</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Matches all traffic (all protocols, ports, etc), but does not care about kernel modules and does not activate any other service indirectly. In combination with the <a href="commands.html#parameters">Optional Rule Parameters</a> this service can match unusual traffic (e.g. GRE - protocol 47). <p> Also, this service is exactly the same with service <a href="#any">any</a>, but does not care about the state of traffic.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server anystateless <u>myname</u> accept proto 47</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="apcupsd"><b>apcupsd</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/6544</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.apcupsd.com/">APC UPS Deamon</a> ports. This service must be defined as <b>server apcupsd accept</b> on all machines not directly connected to the UPS (i.e. slaves). <p> Note that the port defined here is not the default port (6666) used if you download and compile APCUPSD, since the default is conflicting with IRC and many distributions (like Debian) have changed this to 6544. <p> You can define port 6544 in APCUPSD, by changing the value of NETPORT in its configuration file, or overwrite this sanewall service definition using the procedures described in <a href="adding.html">Adding Services</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server apcupsd accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="apcupsdnis"><b>apcupsdnis</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3551</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>APC UPS Network Information Server. This service allows the remote WEB interfaces <a href="http://www.apcupsd.com/">APCUPSD</a> has, to connect and get information from the server directly connected to the UPS device.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server apcupsdnis accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="aptproxy"><b>aptproxy</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/9999</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Debian package proxy.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server aptproxy accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="asterisk"><b>asterisk</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5038</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.asterisk.org">Asterisk</a> is an open source PABX and the Swiss knife of VoIP.<p> This service refers only to the <b>manager</b> interface of asterisk. You should normally need to enable <a href="#sip">sip</a>, <a href="#h323">h323</a>, <a href="#rtp">rtp</a>, etc at the firewall level, if you enable the relative channel drivers of asterisk.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server asterisk accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="cups"><b>cups</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/631</b>
,
<b>udp/631</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.cups.org">Common UNIX Printing System</a><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server cups accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="custom"><b>custom</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>defined&nbsp;in&nbsp;the&nbsp;command</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>defined&nbsp;in&nbsp;the&nbsp;command</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This service is used by sanewall to allow you define services it currently does not support.<br> To find more about this service please check the <a href="adding.html">Adding Services</a> section.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server custom <u>myimap</u> <u>tcp/143</u> <u>default</u> accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="cvspserver"><b>cvspserver</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/2401</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server cvspserver accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="darkstat"><b>darkstat</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/666</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://purl.org/net/darkstat">Darkstat</a> is a network traffic analyzer. It's basically a packet sniffer which runs as a background process on a cable/DSL router and gathers all sorts of useless but interesting statistics.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server darkstat accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="daytime"><b>daytime</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/13</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server daytime accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="dcc"><b>dcc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/6277</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Distributed Checksum Clearinghouses. See <a href="http://spamassassin.taint.org/faq/index.cgi?req=show&file=faq02.007.htp">http://spamassassin.taint.org/faq/index.cgi?req=show&file=faq02.007.htp</a> and <a href="http://www.rhyolite.com/anti-spam/dcc/FAQ.html#firewall-ports">http://www.rhyolite.com/anti-spam/dcc/FAQ.html#firewall-ports</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dcc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="dcpp"><b>dcpp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1412</b>
,
<b>udp/1412</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Direct Connect++ P2P, can be found <a href="http://dcplusplus.sourceforge.net">here</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dcpp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="dhcp"><b>dhcp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/67</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>68</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The DHCP service has been changed in v1.211 of sanewall and now it is implemented as stateless. This has been done because DHCP clients broadcast the network (src 0.0.0.0 dst 255.255.255.255) to find a DHCP server. If the DHCP service was stateful the iptables connection tracker would not match the packets and deny to send the reply. Note that this change does not affect the security of either DHCP servers or clients, since only the specific ports are allowed (there is no random port at either the server or the client side). <p> Also, keep in mind that the <b>server dhcp accept</b> or <b>client dhcp accept</b> commands should placed within interfaces that either do not have <b>src</b> and / or <b>dst</b> defined (because of the initial broadcast). <p> You can overcome this problem by placing the DHCP service on a separate interface, without an <b>src</b> or <b>dst</b> but with a <b>policy return</b>. Place this interface before the one that defines the rest of the services. <p> For example: <table border=0 cellpadding=0 cellspacing=0> <tr><td><pre> <br>&nbsp;&nbsp;&nbsp;&nbsp;interface eth0 dhcp <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;policy return <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;server dhcp accept <br> <br>&nbsp;&nbsp;&nbsp;&nbsp;interface eth0 lan src "$mylan" dst "$myip" <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;... <br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;client all accept </td></tr></table><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dhcp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="dhcprelay"><b>dhcprelay</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/67</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>67</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>DHCP Relay. <p><small><b><font color="gray">From RFC 1812 section 9.1.2</font></b></small><br> In many cases, BOOTP clients and their associated BOOTP server(s) do not reside on the same IP (sub)network. In such cases, a third-party agent is required to transfer BOOTP messages between clients and servers. Such an agent was originally referred to as a BOOTP forwarding agent. However, to avoid confusion with the IP forwarding function of a router, the name BOOTP relay agent has been adopted instead. <p> For more information about DHCP Relay see section 9.1.2 of <a href="http://www.ietf.org/rfc/rfc1812.txt?number=1812">RFC 1812</a> and section 4 of <a href="http://www.ietf.org/rfc/rfc1542.txt?number=1542">RFC 1542</a><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dhcprelay accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="dict"><b>dict</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/2628</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The Dictionary Server Protocol (DICT) is a TCP transaction based query/response protocol that allows a client to access dictionary definitions from a set of natural language dictionary databases. See <a href="http://www.ietf.org/rfc/rfc2229.txt?number=2229">RFC2229</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dict accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="distcc"><b>distcc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3632</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://distcc.samba.org/">distcc</a> is a program to distribute builds of C, C++, Objective C or Objective C++ code across several machines on a network.<p> For distcc security, please check the <a href="http://distcc.samba.org/security.html">distcc security design</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server distcc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="dns"><b>dns</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/53</b>
,
<b>tcp/53</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server dns accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="echo"><b>echo</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/7</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server echo accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="emule"><b>emule</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.emule-project.com">eMule</a> (Donkey network client). <p> According to <a href="http://www.emule-project.net/faq/ports.htm">eMule Port Definitions</a>, sanewall defines: <ul> <li>Connection from any client port to the server at tcp/4661<br>&nbsp;</li> <li>Connection from any client port to the server at tcp/4662<br>&nbsp;</li> <li>Connection from any client port to the server at udp/4665<br>&nbsp;</li> <li>Connection from any client port to the server at udp/4672<br>&nbsp;</li> <li>Connection from any server port to the client at tcp/4662<br>&nbsp;</li> <li>Connection from any server port to the client at udp/4672<br>&nbsp;</li> </ul> Use the sanewall <a href="commands.html#client">client</a> command to match the eMule client. <p> Please note that the <a href="http://www.emule-project.com">eMule</a> client is an HTTP client also.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>client emule accept src 1.1.1.1</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="eserver"><b>eserver</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/4661</b>
,
<b>udp/4661</b>
,
<b>udp/4665</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://lugdunum2k.free.fr/kiten.html">eserver</a> is the emule/edonkey server.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server eserver accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="ESP"><b>ESP</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>50/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>IPSec Encapsulated Security Payload (ESP). <p> For more information see the <a href="http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/ipsec.html#ESP.ipsec">FreeS/WAN documentation</a> and RFC <a href="http://www.ietf.org/rfc/rfc2406.txt?number=2406">RFC 2406</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ESP accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="finger"><b>finger</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/79</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>See: <a href="http://www.busan.edu/~nic/networking/firewall/ch08_08.htm">O'Reilly's Building Internet Firewalls book</a> about finger and firewalls.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server finger accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="ftp"><b>ftp</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
<font color=red><b>ip_conntrack_ftp</b></font> (CONFIG_IP_NF_FTP)
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
<font color=red><b>ip_nat_ftp</b></font> (CONFIG_IP_NF_NAT_FTP)
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The FTP service matches both active and passive FTP connections by utilizing the FTP connection tracker kernel module.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ftp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="gift"><b>gift</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/4302</b>
,
<b>tcp/1214</b>
,
<b>tcp/2182</b>
,
<b>tcp/2472</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://gift.sourceforge.net">GiFT</a> is a collection of various software components geared towards improving the overall usability of a multitude of peer-to-peer file-sharing networks.<p> The <b>gift</b> sanewall service supports:<br> <ul> <li>Gnutella listening at tcp/4302</li> <li>FastTrack listening at tcp/1214</li> <li>OpenFT listening at tcp/2182 and tcp/2472</li> </ul> The above ports are the defaults given for the coresponding GiFT modules.<p> To allow access to the user interface ports of GiFT, use the <a href="#giftui">giftui</a> sanewall service.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server gift accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="giftui"><b>giftui</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1213</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://gift.sourceforge.net">GiFT</a> is a collection of various software components geared towards improving the overall usability of a multitude of peer-to-peer file-sharing networks.<p> This service refers only to the user interface ports offered by GiFT. To allow gift accept P2P requests, use the <a href="#gift">gift</a> sanewall service.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server giftui accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="gkrellmd"><b>gkrellmd</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/19150</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server gkrellmd accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="GRE"><b>GRE</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>47/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Generic Routing Encapsulation (protocol No 47). <p> For more information see RFC <a href="http://www.ietf.org/rfc/rfc2784.txt?number=2784">RFC 2784</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server GRE accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="h323"><b>h323</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1720</b>
,
<b>tcp/1731</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.voip-info.org/wiki-H.323">H.323</a> is much more complicated than this firewall implementation. Check <a href="http://erris.med.virginia.edu/tech/FIREWALL.HTM">this document</a> for an explanation.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server h323 accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="heartbeat"><b>heartbeat</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/690:699</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>HeartBeat is the Linux clustering solution available <a href=http://www.linux-ha.org/>http://www.linux-ha.org/</a>. This sanewall service has been designed such a way that it will allow multiple heartbeat clusters on the same LAN.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server heartbeat accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="http"><b>http</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/80</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server http accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="https"><b>https</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/443</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server https accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="hylafax"><b>hylafax</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This complex service allows incomming requests to server port tcp/4559 and outgoing <b>from</b> server port tcp/4558. <p> <b>The correct operation of this service has not been verified.</b> <p> <b>USE THIS WITH CARE. A HYLAFAX CLIENT MAY OPEN ALL TCP UNPRIVILEGED PORTS TO ANYONE</b> (from port tcp/4558).<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server hylafax accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="iax"><b>iax</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/5036</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server iax accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="iax2"><b>iax2</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/5469</b>
,
<b>udp/4569</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server iax2 accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="icmp"><b>icmp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>icmp/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server icmp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ICMP"><b>ICMP</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>icmp/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ICMP accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="icp"><b>icp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/3130</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>3130</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server icp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ident"><b>ident</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/113</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ident reject with tcp-reset</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="imap"><b>imap</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/143</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server imap accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="imaps"><b>imaps</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/993</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server imaps accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="irc"><b>irc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/6667</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
<font color=red><b>ip_conntrack_irc</b></font> (CONFIG_IP_NF_IRC)
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
<font color=red><b>ip_nat_irc</b></font> (CONFIG_IP_NF_NAT_IRC)
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server irc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="isakmp"><b>isakmp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/500</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>IPSec key negotiation (IKE on UDP port 500). <p> For more information see the <a href="http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/quickstart-firewall.html#quick_firewall">FreeS/WAN documentation</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server isakmp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="jabber"><b>jabber</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5222</b>
,
<b>tcp/5223</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.jabber.org">Jabber</a> Instant Messenger <p> This definition allows both clear and SSL jabber client - to - jabber server connections, as given in this <a href="http://www.jabber.org/user/userfaq.html#id2781037">Jabber FAQ</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server jabber accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="jabberd"><b>jabberd</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5222</b>
,
<b>tcp/5223</b>
,
<b>tcp/5269</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.jabber.org">Jabberd</a> Instant Messenger Server <p> This definition allows both clear and SSL jabber client - to - jabber server and jabber server - to - server connections, as given in this <a href="http://www.jabber.org/admin/adminguide.html#requirements-ports">Jabberd FAQ</a>. <p> Use this service for a jabberd server. In all other cases, use the <a href="#jabber">jabber</a> service.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server jabberd accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="ldap"><b>ldap</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/389</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ldap accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ldaps"><b>ldaps</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/636</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ldaps accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="lpd"><b>lpd</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/515</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Line Printer Deamon Protocol (LPD) <p> LPD is documented in <a href="http://www.ietf.org/rfc/rfc1179.txt?number=1179">RFC 1179</a>. <p> Since many operating systems are incorrectly using the default client ports for LPD access, this definition allows the default client ports to access the service (additionally to the RFC defined 721 to 731 inclusive).<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server lpd accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="microsoft_ds"><b>microsoft_ds</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/445</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Direct Hosted (i.e. NETBIOS-less SMB) <p> This is another NETBIOS Session Service with minor differences with <a href="#netbios_ssn">netbios_ssn</a>. It is supported only by Windows 2000 and Windows XP and it offers the advantage of being indepedent of WINS for name resolution. <p> It seems that samba supports transparently this protocol on the <a href="#netbios_ssn">netbios_ssn</a> ports, so that either direct hosted or traditional SMB can be served simultaneously. <p> Please refer to the <a href="#netbios_ssn">netbios_ssn</a> service for more information.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server microsoft_ds accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="mms"><b>mms</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1755</b>
,
<b>udp/1755</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
<font color=red><b>ip_conntrack_mms</b></font> (CONFIG_IP_NF_MMS)
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
<font color=red><b>ip_nat_mms</b></font> (CONFIG_IP_NF_NAT_MMS)
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server mms accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ms_ds"><b>ms_ds</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/445</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Direct Hosted (i.e. NETBIOS-less SMB) <p> This is another NETBIOS Session Service with minor differences with <a href="#netbios_ssn">netbios_ssn</a>. It is supported only by Windows 2000 and Windows XP and it offers the advantage of being indepedent of WINS for name resolution. <p> It seems that samba supports transparently this protocol on the <a href="#netbios_ssn">netbios_ssn</a> ports, so that either direct hosted or traditional SMB can be served simultaneously. <p> Please refer to the <a href="#netbios_ssn">netbios_ssn</a> service for more information.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ms_ds accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="msn"><b>msn</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/6891</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Microsoft MSN Messenger Service<p> For a discussion about what works and what is not, please take a look at <A HREF="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/evaluate/worki01.asp">this technet note</A>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server msn accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="multicast"><b>multicast</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The multicast service matches all packets send to 224.0.0.0/4 using IGMP or UDP.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server multicast reject with proto-unreach</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="mysql"><b>mysql</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3306</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server mysql accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="netbackup"><b>netbackup</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/13701</b>
,
<b>tcp/13711</b>
,
<b>tcp/13720</b>
,
<b>tcp/13721</b>
,
<b>tcp/13724</b>
,
<b>tcp/13782</b>
,
<b>tcp/13783</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This is the Veritas NetBackup service. To use this service you must define it as both client and server in NetBackup clients and NetBackup servers.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server netbackup accept<br>client netbackup accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="netbios_dgm"><b>netbios_dgm</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/138</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>NETBIOS Datagram Service <p> See also the <a href="#samba">samba</a> service. <p> Keep in mind that this service broadcasts (to the broadcast address of your LAN) UDP packets. If you place this service within an interface that has a <b>dst</b> parameter, remember to include (in the <b>dst</b> parameter) the broadcast address of your LAN too.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server netbios_dgm accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="netbios_ns"><b>netbios_ns</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/137</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>NETBIOS Name Service <p> See also the <a href="#samba">samba</a> service.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server netbios_ns accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="netbios_ssn"><b>netbios_ssn</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/139</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>NETBIOS Session Service <p> See also the <a href="#samba">samba</a> service. <p> Please keep in mind that newer NETBIOS clients prefer to use port 445 (<a href="#microsoft_ds">microsoft_ds</a>) for the NETBIOS session service, and when this is not available they fall back to port 139 (netbios_ssn). Versions of samba above 3.x bind automatically to ports 139 and 445. <p> If you have an older samba version and your policy on an interface or router is <b>DROP</b>, clients trying to access port 445 will have to timeout before falling back to port 139. This timeout can be up to several minutes. <p> To overcome this problem either explicitly <b>REJECT</b> the <a href="#microsoft_ds">microsoft_ds</a> service with a tcp-reset message (<b>server microsoft_ds reject with tcp-reset</b>), or redirect port 445 to port 139 using the following rule (put it all-in-one-line at the top of your sanewall config): <p> <b> iptables -t nat -A PREROUTING -i eth0 -p tcp -s 1.1.1.1/24 --dport 445 -d 2.2.2.2 -j REDIRECT --to-port 139 <p> </b>or<b> <p> redirect to 139 inface eth0 src 1.1.1.1/24 proto tcp dst 2.2.2.2 dport 445 </b><p> where: <ul> <li><b>eth0</b> is the network interface your NETBIOS server uses <br>&nbsp; </li> <li><b>1.1.1.1/24</b> is the subnet matching all the clients IP addresses <br>&nbsp; </li> <li><b>2.2.2.2</b> is the IP of your linux server on eth0 (or whatever you set the first one above) </li> </ul><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server netbios_ssn accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="nfs"><b>nfs</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>500:65535</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The NFS service queries the RPC service on the NFS server host to find out the ports <b>nfsd</b>, <b>mountd</b>, <b>lockd</b> and <b>rquotad</b> are listening. Then, according to these ports it sets up rules on all the supported protocols (as reported by RPC) in order the clients to be able to reach the server. <p> For this reason, the NFS service requires that: <ul> <li>the firewall is restarted if the NFS server is restarted</li> <li>the NFS server must be specified on all nfs statements (only if it is not the localhost)</li> </ul> Since NFS queries the remote RPC server, it is required to also be allowed to do so, by allowing the <a href="#portmap">portmap</a> service too. Take care, that this is allowed by the <b>running firewall</b> when sanewall tries to query the RPC server. So you might have to setup NFS in two steps: First add the portmap service and activate the firewall, then add the NFS service and restart the firewall. <p> To avoid this you can setup your NFS server to listen on pre-defined ports, as it is well documented in <a href="http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS">http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS</a>. If you do this then you will have to define the the ports using the procedure described in <a href="adding.html">Adding Services</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>client nfs accept <u>dst</u> <u>1.2.3.4</u></b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="nis"><b>nis</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>500:65535</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The nis service queries the RPC service on the nis server host to find out the ports <b>ypserv</b> and <b>yppasswdd</b> are listening. Then, according to these ports it sets up rules on all the supported protocols (as reported by RPC) in order the clients to be able to reach the server. <p> For this reason, the nis service requires that: <ul> <li>the firewall is restarted if the nis server is restarted</li> <li>the nis server must be specified on all nis statements (only if it is not the localhost)</li> </ul> Since nis queries the remote RPC server, it is required to also be allowed to do so, by allowing the <a href="#portmap">portmap</a> service too. Take care, that this is allowed by the <b>running firewall</b> when sanewall tries to query the RPC server. So you might have to setup nis in two steps: First add the portmap service and activate the firewall, then add the nis service and restart the firewall. <p> This service has been created by <a href="https://sourceforge.net/tracker/?func=detail&atid=487695&aid=1050951&group_id=58425">Carlos Rodrigues</a>. His comments regarding this implementation, are: <p> <b>These rules work for client access only!</b> <p> Pushing changes to slave servers won't work if these rules are active somewhere between the master and its slaves, because it is impossible to predict the ports where <b>yppush</b> will be listening on each push. <p> Pulling changes directly on the slaves will work, and could be improved performance-wise if these rules are modified to open <b>fypxfrd</b>. This wasn't done because it doesn't make that much sense since pushing changes on the master server is the most common, and recommended, way to replicate maps.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>client nis accept <u>dst</u> <u>1.2.3.4</u></b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="nntp"><b>nntp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/119</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server nntp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="nntps"><b>nntps</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/563</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server nntps accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ntp"><b>ntp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/123</b>
,
<b>tcp/123</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ntp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="nut"><b>nut</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3493</b>
,
<b>udp/3493</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server nut accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="nxserver"><b>nxserver</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5000:5200</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Default ports used by NX server for connections without encryption.<br> Note that nxserver also needs the <a href="#ssh">ssh</a> service to be enabled.<p> This information has been extracted from <a href="http://www.nomachine.com/developers/archives/nxusers/0022.php">this document</a>. As stated there, the TCP ports used by nxserver is 4000 + DISPLAY_BASE to 4000 + DISPLAY_BASE + DISPLAY_LIMIT. DISPLAY_BASE and DISPLAY_LIMIT are set in /usr/NX/etc/node.conf and the defaults are DISPLAY_BASE=1000 and DISPLAY_LIMIT=200.<p> For encrypted nxserver sessions, only <a href="#ssh">ssh</a> is needed.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server nxserver accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="oracle"><b>oracle</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1521</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server oracle accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="OSPF"><b>OSPF</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>89/any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server OSPF accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="p2p"><b>p2p</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server p2p accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="ping"><b>ping</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This services matches requests of protocol <b>ICMP</b> and type <b>echo-request</b> (TYPE=8) and their replies of type <b>echo-reply</b> (TYPE=0). <p> The <b>ping</b> service is stateful.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ping accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="pop3"><b>pop3</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/110</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server pop3 accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="pop3s"><b>pop3s</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/995</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server pop3s accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="portmap"><b>portmap</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/111</b>
,
<b>tcp/111</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server portmap accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="postgres"><b>postgres</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5432</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server postgres accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="pptp"><b>pptp</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1723</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>Additionally to the above the PPTP service allows stateful GRE traffic (protocol 47) to flow between the PPTP server and the client.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server pptp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="privoxy"><b>privoxy</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/8118</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server privoxy accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="radius"><b>radius</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/1812</b>
,
<b>udp/1813</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server radius accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="radiusold"><b>radiusold</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/1645</b>
,
<b>udp/1646</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server radiusold accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="radiusoldproxy"><b>radiusoldproxy</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/1647</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server radiusoldproxy accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="radiusproxy"><b>radiusproxy</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/1814</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server radiusproxy accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="rdp"><b>rdp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3389</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><b>Remote Desktop Protocol</b> is the protocol used for Windows Remote Desktop Connections (known also as Terminal Services).<p> For more information see <a href="http://www.microsoft.com/windows2000/community/centers/terminal/terminal_faq.mspx">this FAQ</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server rdp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="rndc"><b>rndc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/953</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server rndc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="rsync"><b>rsync</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/873</b>
,
<b>udp/873</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server rsync accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="rtp"><b>rtp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/10000:20000</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.voip-info.org/wiki-RTP">RTP</a> is the internet standard protocol for the transport of real-time data, including audio and video. RTP is used in virtually all voice-over-IP architectures, for videoconferencing, media-on-demand, and other applications.<p> RTP ports are generally all the UDP ports.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server rtp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="samba"><b>samba</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The samba service automatically sets all the rules for <a href="#netbios_ns">netbios_ns</a>, <a href="#netbios_dgm">netbios_dgm</a>, <a href="#netbios_ssn">netbios_ssn</a> and <a href="#microsoft_ds">microsoft_ds</a>. <p> Please refer to the notes of the above services for more information. <p> NETBIOS initiates based on the broadcast address of an interface (request goes to broadcast address) but the server responds from its own IP address. This makes the <b>server samba accept</b> statement drop the server reply, because of the way the iptables connection tracker works. <p> This service definition includes a hack, that allows a linux samba server to respond correctly in such situations, by allowing new outgoing connections from the well known <a href="#netbios_ns">netbios_ns</a> port to the clients high ports. <p> <b>However, for clients and routers this hack is not applied because it would open all unpriviliged ports to the samba server.</b> The only solution to overcome the problem in such cases (routers or clients) is to build a trust relationship between the samba servers and clients.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server samba accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="sip"><b>sip</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/5060</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>5060</b>
,
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.voip-info.org/wiki-SIP">SIP</a> is the Session Initiation Protocol, an IETF standard protocol (RFC 2543) for initiating interactive user sessions involving multimedia elements such as video, voice, chat, gaming, etc. SIP works in the application layer of the OSI communications model.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server sip accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="smtp"><b>smtp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/25</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server smtp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="smtps"><b>smtps</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/465</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server smtps accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="snmp"><b>snmp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/161</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server snmp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="snmptrap"><b>snmptrap</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/162</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server snmptrap accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="socks"><b>socks</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/1080</b>
,
<b>udp/1080</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server socks accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="squid"><b>squid</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/3128</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server squid accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="ssh"><b>ssh</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/22</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server ssh accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="stun"><b>stun</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/3478</b>
,
<b>udp/3479</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.voip-info.org/wiki-STUN">STUN</a> is a protocol for assisting devices behind a NAT firewall or router with their packet routing.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server stun accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="submission"><b>submission</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/587</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server submission accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="sunrpc"><b>sunrpc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/111</b>
,
<b>tcp/111</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>any</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server sunrpc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="swat"><b>swat</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/901</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server swat accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="syslog"><b>syslog</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/514</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>syslog</b>
,
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server syslog accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="telnet"><b>telnet</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/23</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server telnet accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="tftp"><b>tftp</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>many</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
<font color=red><b>ip_conntrack_tftp</b></font> (CONFIG_IP_NF_TFTP)
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
<font color=red><b>ip_nat_tftp</b></font> (CONFIG_IP_NF_NAT_TFTP)
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>The TFTP service matches UDP TFTP connections by utilizing the TFTP connection tracker kernel module.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server tftp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="time"><b>time</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/37</b>
,
<b>udp/37</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server time accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="timestamp"><b>timestamp</b></a></td>
	<td align="center" valign="top">complex</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>N/A</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>This services matches requests of protocol <b>ICMP</b> and type <b>timestamp-request</b> (TYPE=13) and their replies of type <b>timestamp-reply</b> (TYPE=14). <p> The <b>timestamp</b> service is stateful.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server timestamp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="upnp"><b>upnp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/1900</b>
,
<b>tcp/2869</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://upnp.sourceforge.net/">UPNP</a> is Univeral Plug and Play.<p> For a linux implementation check: <a href="http://linux-igd.sourceforge.net/">Linux IGD</a>.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server upnp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="uucp"><b>uucp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/540</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server uucp accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="vmware"><b>vmware</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/902</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server vmware accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="vmwareauth"><b>vmwareauth</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/903</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server vmwareauth accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="vmwareweb"><b>vmwareweb</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/8222</b>
,
<b>tcp/8333</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server vmwareweb accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="vnc"><b>vnc</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/5900:5903</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server vnc accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="webcache"><b>webcache</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/8080</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server webcache accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="webmin"><b>webmin</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/10000</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><a href="http://www.webmin.com">Webmin</a> is a web-based interface for system administration for Unix.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server webmin accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="whois"><b>whois</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>tcp/43</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td>See: <a href="http://www.busan.edu/~nic/networking/firewall/ch08_08.htm">O'Reilly's Building Internet Firewalls book</a> about whois and firewalls.<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server whois accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr  bgcolor="#F0F0F0">
	<td align="center" valign="top"><a name="xbox"><b>xbox</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server xbox accept</b></td></tr>
	</table>
	</td>
	</tr>
<tr >
	<td align="center" valign="top"><a name="xdmcp"><b>xdmcp</b></a></td>
	<td align="center" valign="top">simple</td>
	<td>
		<table cellspacing=0 cellpadding=2 border=0>
		<tr>
<td align=right valign=top nowrap><small><font color=gray>Server Ports</td><td>&nbsp;
<b>udp/177</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Client Ports</td><td>&nbsp;
<b>default</b>
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter Modules</td><td>&nbsp;
</td></tr><tr><td align=right valign=top nowrap><small><font color=gray>Netfilter NAT Modules</td><td>&nbsp;
</td>
	</tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Notes</td><td><b>X Display Manager Control Protocol</b><br> See <a href="http://www.jirka.org/gdm-documentation/x70.html">http://www.jirka.org/gdm-documentation/x70.html</a> for a discussion about XDMCP and firewalls (this is about Gnome Display Manager, a replacement of XDM).<br>&nbsp;</td></tr>
	<tr><td align=right valign=top nowrap><small><font color="gray">Example</td><td><b>server xdmcp accept</b></td></tr>
	</table>
	</td>
	</tr>
</table>
</center>
<p>
<hr noshade size=1>
<table border=0 width="100%">
<tr><td align=center valign=middle>
	<A href="http://sourceforge.net"><IMG src="http://sourceforge.net/sflogo.php?group_id=58425&amp;type=5" width="210" height="62" border="0" alt="SourceForge Logo"></A>
</td><td align=center valign=middle>
	<b>Sanewall</b>, a firewall for humans...<br>
	&copy; Copyright 2004
	Costa Tsaousis <a href="mailto: costa@tsaousis.gr">&lt;costa@tsaousis.gr&gt</a>
</body>
</html>
